Group Chief Information Security Officer - HSBC - United States, North America
North America-United States-Maryland-Any
At HSBC, the health and well-being of our employees remains of utmost importance. Many of our roles are permitted to work from home (in states in which HSBC is licensed to operate) until further notice.
The Group Chief Information Security Officer (CISO) is responsible for the definition, execution and continuous improvement of a best-in-class Group Information and Cybersecurity Strategy across the global HSBC footprint. The role involves translation of highly technical Cybersecurity concepts into consumable language, in order to drive continuous assessment of cybersecurity and information risk in light of established risk appetites and a constantly evolving cyber-threat landscape.
The Group CISO defines the global Cybersecurity strategy, and ensures its execution through a series of run-the-bank and change-the-bank programmes that provide adequate, embedded, and effective protection of the firm’s information and technology assets. To achieve these goals, the Group CISO must possess significant senior executive management experience delivering a best-in-class cybersecurity practice in large and complex, multinational organizations. In addition, the Group CISO will be required to present evidence that demonstrates control and operational effectiveness for consumption by HSBC Global Businesses and Functions, various HSBC Board-level committees as well as a global community of financial services regulators.
The role will hold overall autonomy and accountability for the global Cybersecurity function, manage a team of circa 1,000 staff worldwide, and an annual operating budget of approximately $250 million.
The ideal candidate will possess an entrepreneurial approach to solving complex information and cybersecurity challenges, and strong visionary leadership and communication skills.
The role holder will be required to manage stakeholders including the Group CIO, the HSBC Board, Cybersecurity Leadership and staff, and external bodies. These include key regulators across the world (e.g. HKMA, OCC, PRA and FCA).
They will also possess deep domain knowledge of information and cybersecurity best practices, experience of embedding these within an organization, and be able to drive a security-first culture across all aspects of the HSBC Group’s operations.
The Group CISO reports directly into the Group Chief Information Officer (CIO).
Impact on the Business/Customers
- Setting the tone and direction of Information and Cybersecurity practices and setting global Cybersecurity standards across the entire HSBC Group to proactively increase Cybersecurity awareness, ownership and Cyber risk reduction
- Focus on First Line of Defence activities across Protect, Detect, and Respond pillars of the NIST Framework
- Continuous assessment and improvement of the control environment relative to the evolving Cyber threat landscape
- Continuous engagement with senior executive management (such as Group COOs and CEOs) to provide expert knowledge that influences Global Businesses and Functions on how to best manage information and cybersecurity risk exposure within business risk appetite, which will impact on their wider organisations
- Adherence to the Line of Defence Risk Management Model and HSBC Operational Risk Framework
- Setting direction and Cybersecurity ways of working across all Global Businesses and Functions across the HSBC Group
Key stakeholders include:
- Group HSBC Board
- HSBC Group Risk Committee (GRC)
- HSBC IT Executive Committee (IT EXCO)
- HSBC Information Security Risk (ISR)
- HSBC Internal Audit
- External Audit
- Financial Services Regulators across the world
- Heads of Global Businesses and Functions
Customer focus: Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to maximise Cybersecurity strategy to improve global HSBC business operations.
Leadership & Teamwork
- Global management responsibility for the Cybersecurity function (including full accountability of the Cybersecurity Maturity Improvement Programme). Develop a global Cybersecurity strategy to uplift the internal capability of the function and implement the build out of a globally consistent target operating model with a clear location strategy
- Provides strong leadership of a high calibre team ensuring high engagement and motivation levels.
- Consults and advises senior stakeholders across the HSBC group to influence sustainable decisions that protect and enhance HSBC’s values, reputation and stakeholder value
- Actively encourages a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify Cybersecurity talent. Promotes an environment that supports diversity, inclusion and reflects HSBC Technology Brand and values
- Authentically engages a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders
- Builds rapport and mutual understanding to communicate and create opportunities for cross-business working encouraging continued engagement in awareness and ownership of Cybersecurity risks, in line with the defined Group strategy. Encourages team to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits
Effectiveness & Control
- Ensures appropriate oversight mechanisms and high standards of internal control are in place, to ensure the identification of emerging threats in the Cybersecurity landscape.
- Implements Cybersecurity best practice, standards and governance frameworks, mapping and adjusting controls to the evolving Cyber threat landscape
- Enhances operational controls, ensuring appropriate tools and Cybersecurity frameworks are adopted, assigned to and owned by stakeholders across all global businesses and global functions
- Accountable executive for all Cybersecurity matters across the HSBC Group
- HSBC operates from over 3,900 offices in 67 countries, supporting 38 million customers in an increasingly digital offering that requires always-on and secure operations of the technology estate. Any lapse in the confidentiality, integrity or availability of these systems impacts our customers' access to their accounts, incurs operational losses for the firm, damages the HSBC brand, and could lead to censure by external regulators.
- Constant management and setting the direction of the Cybersecurity Strategy across the global HSBC footprint requires a broad range of matrix management, stakeholder engagement and communication skills to bring group solutions to local markets.
- The Group Chief Information Security Officer (CISO) is responsible for the definition, execution and continuous improvement of a best-in-class Group Information and Cybersecurity Strategy across the global HSBC footprint. This will be achieved through managing a run-the-bank, Annual Operating Plan (AOP) budget as well as a change-the-bank programme that is refreshed annually in a continuous cycle of improvement and overseen by the Group Chief Information Officer (CIO), the Group Chief Control Officer (CCO) and ultimately funded through the Group Chief Operating Officer (COO).
Management of Risk
- The Group Chief Information Security Officer (CISO) will continually assess the cyber-threat landscape, changing business strategy, market and economic conditions, legal and regulatory requirements, operating procedures and practices, management restructurings and the impact of new technology to ensure that the information and cybersecurity strategy is aligned to, and executed against, the defined cyber-risk appetite.
- This work will require the role holder to adhere to all applicable HSBC policies and a range of local regulations in the markets where the firm does business.
Observation of Internal Controls
- The job holder will adhere to and be able to demonstrate adherence to internal controls, some of which will need to be defined by the incumbent. This will be achieved by awareness of all relevant procedures, keeping appropriate records and where appropriate by the timely implementation of new controls, including issues raised by external regulators. All relevant audit points raised against Cybersecurity will be managed to satisfaction and completion by the job holder.
Employment eligibility to work with HSBC in the U.S. is required, as the company will not pursue visa sponsorship for these positions.
- Functional Expertise – Significant, industry leading subject matter expertise in Cybersecurity together with a broad technology experience and understanding of the value information technology can add to business customers. This includes but is not limited to technology design and implementation, operational process and incident response along with creating and leading a high performance global Cybersecurity team
- Corporate Exposure – Extensive leadership experience within fast-moving, complex and demanding corporate environments where Cybersecurity issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change
- Operating in global markets – Experience of working at an operational level in international environments which drive a true international perspective. Commercial experience in different markets/cultures/organisations
- Team Leadership – Experience of having led international projects/initiatives with a team of Cybersecurity professionals, raising standards within the function and improving the profile of Cybersecurity across the HSBC Group. Ability to motivate people and transform the function into a world-class Cybersecurity organisation
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
If you would like to notify the Diversity Recruitment team of your application or if you are simply interested in learning about opportunities at HSBC, please email [email protected]